Wednesday 28 May 2014

Ways to check Linux OS is 32 bit or 64 Bit


uname -m

x86_64 ==> 64-bit kernel
i686   ==> 32-bit kernel

/bin/uname -m

x86_64 ==> 64-bit kernel
i686   ==> 32-bit kernel

getconf LONG_BIT

64 ==> 64-bit kernel
32 ==> 32-bit kernel

arch

x86_64 ==> 64-bit kernel
i686   ==> 32-bit kernel

file /sbin/init

/sbin/init: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped    ==> 64-bit kernel

/sbin/init: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped   ==> 32-bit kernel

In Ubuntu

dpkg --print-architecture

amd64 ==> 64-bit kernel
amd32 ==> 32-bit kernel

Ref: http://stackoverflow.com/questions/246007/how-to-determine-whether-a-given-linux-is-32-bit-or-64-bit



Tuesday 27 May 2014

Change Run Levels in Linux


Find Out Current Run Level

who -r
run-level 3  2014-05-27 17:04

Or

runlevel
N 3

Use the init command to change rune levels:

init 1

To change the default run level:

vi /etc/inittab
id:5:initdefault:

Reboot the system to see changes:

reboot

Ref:
http://www.cyberciti.biz/tips/linux-changing-run-levels.html
http://www.ibm.com/developerworks/library/l-lpic1-v3-101-3/

Monday 19 May 2014

Clear Memory Cache on Linux Server

Flush file system buffers by executing,

# sync

Kernels 2.6.16.x and newer versions of kernel provide a mechanism to have the kernel drop the page cache and/or inode and dentry caches on command, which can be helpful to free up a lot of memory.

To free page cache:

# echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

# echo 2 > /proc/sys/vm/drop_caches

To free page cache, dentries and inodes:

echo 3 > /proc/sys/vm/drop_caches

or

sync; echo 3 > /proc/sys/vm/drop_caches

Sync should be run because this is a non-destructive operation, and dirty objects are not freeable.
So you run sync in order to make sure all cached objects are freed.

To do clearing memory cache on a particular interval, just add the command to cron job

vi cacheclear.sh

#!/bin/sh
sudo sh -c "sync; echo 3 > /proc/sys/vm/drop_caches"

Ref: http://www.unixmen.com/how-to-clear-memory-cache-on-linux-servers/

Sunday 18 May 2014

Force fsck in Linux


fsck stands for "file system check" and it is used to check and optionally repair one or more Linux file systems. Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of the filesystems

Login as the root:
su root

Change directory to root (/) directory:
cd /

Create a file called forcefsck:
touch /forcefsck

Now reboot the system:
reboot

login as root and type the following command to reboot and run fsck:

shutdown -rF now

The -F option force fsck on reboot.


Ref:
http://www.cyberciti.biz/faq/linux-force-fsck-on-the-next-reboot-or-boot-sequence/
https://wiki.archlinux.org/index.php/fsck


Thursday 15 May 2014

Recursively list all hidden files and directories


The basic syntax is as follows:

find /dir/to/search/ -name ".*" -print

find /dir/to/search/ -name ".*" -ls

search only hidden files:

find /dir/to/search/ -type f -iname ".*" -ls

search only hidden directories:

find /dir/to/search/ -type d -iname ".*" -ls
find /dir/to/search -path '*/.*' -print
find /dir/to/search -path '*/.*' -ls

In this example, search $HOME for all hidden files and dirs:

find $HOME -name ".*" -ls

135237    4 -rw-r--r--   1 root     root           18 May 20  2009 /root/.bash_logout
137605    4 -rw-------   1 root     root           32 May 15 01:08 /root/.mysql_history
135240    4 -rw-r--r--   1 root     root          100 Sep 22  2004 /root/.cshrc
131153    4 drwxr-----   3 root     root         4096 Feb 27 19:28 /root/.pki
136444    4 -rw-r--r--   1 root     root          686 Feb 27 07:22 /root/.bash_profile
137510    4 drwx------   2 root     root         4096 May  8 02:00 /root/.ssh
135241    4 -rw-r--r--   1 root     root          129 Dec  3  2004 /root/.tcshrc
136494    4 -rw-r--r--   1 root     root          310 Feb 27 07:22 /root/.bashrc
137490   16 -rw-------   1 root     root        14970 May 15 01:02 /root/.bash_history

Ref: http://www.cyberciti.biz/faq/unix-linux-centos-ubuntu-find-hidden-files-recursively/

Recursively list all files and directories


ls -alR

find . -exec ls -dl \{\} \; | awk '{print $3, $4, $9}'

find . -printf "%u %g %p\n"

tree -p -u -g -f -i

tree -p -u -g -f

find $PWD -type f

find . -ls

List only .html files

find . -name "*.html"

Ref: http://stackoverflow.com/questions/501367/how-to-recursively-list-all-files-and-directories

Wednesday 14 May 2014

History Command in Linux


List All Executed Commands in Linux

history

List All Commands with Date and Timestamp

export HISTTIMEFORMAT='%F %T  '
history
%F Equivalent to %Y - %m - %d
%T Replaced by the time ( %H : %M : %S )

Filter Commands in History

export HISTIGNORE='ls -l:pwd:date:'
history

Ignore Duplicate Commands in History

export HISTCONTROL=ignoredups
history

Unset export Command

unset export HISTCONTROL
history

Save export Command Permanently

vi .bash_profile
PATH=$PATH:$HOME/bin
export PATH

Disable Storing History of Commands

vi .bash_profile
PATH=$PATH:$HOME/bin
HISTSIZE=0
export PATH
.bash_profile (END)

source .bash_profile

Delete or Clear History of Commands

history -c

Search Commands in History Using Grep Command

history | grep pwd

Recall Lastly Executed Command

Bang and 8 (!8)

Recall Lastly Executed Specific Command

!net

List last 25 commands

history 25

Ref: 

http://www.tecmint.com/history-command-examples/
https://www.digitalocean.com/community/articles/how-to-use-bash-history-commands-and-expansions-on-a-linux-vps

DoS and DDoS attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is a attack in which the server resources become unavailable to its intended users.

A DOS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able to handle the requests of legitimate users.

In general, there are two forms of the DOS attack. The first form is on that can crash a server. The second form of DOS attack only floods a service.

In simple words DDOS attack is, when a server system is being flooded from fake requests coming from multiple sources (potentially hundreds of thousands), it is known as a DDOS attack. In this case, blocking a single or few IP address does not work. The more members in the zombie network, more powerful the attack it. For creating the zombie network, hackers generally use a Trojan.

There are basically three types of DDOS attacks:

Application layer DDOS attack: Application-layer DDOS attacks are attacks that target Windows, Apache, OpenBSD, or other software vulnerabilities to perform the attack and crash the server.

Protocol DDOS attack: A protocol DDOS attacks is a DOS attack on the protocol level. This category includes Synflood, Ping of Death, and more.

Volume-based DDOS attack: This type of attack includes ICMP floods, UDP floods, and other kind of floods performed via spoofed packets.

How to troubleshoot,

list of IP’s with maximum number of connections to server,

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

remember that ddos becomes more complex as attackers are using fewer connections with more number of attacking IP’s,

the number of active connections open to server,

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

Ex:
cd /edu-log/edurite/
cat 20140505.access.log | awk '{print $1}' |sort |uniq -c |sort -nr |more

------------
110.85.112.16
27.153.209.89
120.33.245.187
27.150.229.164
121.205.197.8
121.205.196.173
27.153.186.129
------------

Trace the IP using the follwoing URL,

http://tools.whois.net/whoisbyip/

One example for how to block a particular IP on the server,

iptables -A INPUT -s 27.153.186.129 -j DROP

/etc/init.d/iptables save
/etc/init.d/firewall restart

Ref:

http://webhosting.uk.com/kb/how-to-check-if-your-linux-server-is-under-ddos-attack/
http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/